package JDBC;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

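/**
 * Demonstrates using a precompiled (parameterized) SQL statement to defeat SQL injection.
 *
 * The query text is sent to the database with {@code ?} placeholders before any
 * user-supplied value is bound, so the bound values can only ever be treated as
 * data, never as SQL. Bound values are therefore never concatenated into the query.
 */
public class JDBCDemo7 {
    public static void main(String[] args) {
        // Select only the columns needed to decide "found / not found"; there is no
        // reason to read the stored password back out of the database.
        String sql = "SELECT id, username " +
                "FROM user " +
                "WHERE username = ? AND password = ?";
        // Statement and result set are closed by try-with-resources instead of being
        // left for Connection.close() to tidy up.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            // Demo placeholders; a real login reads these from the request and never
            // hard-codes credentials in source.
            // NOTE(review): the password is matched in the clear inside the WHERE
            // clause, which suggests the table stores it in the clear. Real code should
            // look the row up by username and verify a salted bcrypt/scrypt/argon2 hash
            // in Java rather than comparing the secret in SQL.
            preparedStatement.setString(1, "张三");
            preparedStatement.setString(2, "123456");
            try (ResultSet results = preparedStatement.executeQuery()) {
                // At least one matching row means the credentials were accepted.
                if (results.next()) {
                    System.out.println("登陆成功");
                } else {
                    System.out.println("登陆失败");
                }
            }
        } catch (Exception e) {
            // main() is the program boundary; surface the failure rather than
            // swallowing it. Nothing secret is printed here beyond the driver's message.
            e.printStackTrace();
        }
    }
}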
